(54) Title: SECURE WIRELESS BACKUP MECHANISM

(57) Abstract: A convenient way for securely storing sensitive data in a public storage area over a wireless network is disclosed. 
Data that is to be backed up is encrypted using a public key of the user and is sent over the wireless network using a Wireless 
Application Protocol (WAP) technique and preferably contained within the body of a SyncML document or an XML document. The 
encrypted data can be later retrieved using a WAP technique and decrypted using the private key of the user.
SECURE WIRELESS BACKUP MECHANISM

Inventors: Mika Leppinen, Padma Sachin and Ami Y. Reddy 

BACKGROUND OF THE INVENTION
1. Field of the Invention

The present invention relates to wireless systems and secure backup. More
particularly, the present invention relates to a method and system for securely storing
data in a public storage area over a wireless network.

2. Description of the Related Art

Mobile client devices, such as mobile telephone handsets, personal digital 
assistants (PDAs) and wireless computing devices, will have an ever increasing role in
the future for accessing and securely storing sensitive data, whether personal or system 
data, in a public storage area over a wireless network. 

Figure 1 shows a functional block diagram of a wireless terminal 100 that
provides a conventional secure backup over a wireless network. Wireless terminal 100
includes a memory 101 for storing data and a backup/restore module 102. In the
situation when data, such as personal data and/or system data, is to be encrypted by a
user, the user specifies data that is to be encrypted and then supplies the user's public
encryption key to backup/restore module 102. Backup/restore module 102 accesses the
specified data in memory 101 and encrypts the specified data using the user's public key.
The encrypted data is sent to, for example, a public storage area 103 over a wireless
network 104 in a well-known manner. The encrypted data can only be decrypted using
the user's private key. When the user desires to access the stored encrypted data, the
encrypted data is downloaded from storage area 103 and decrypted by backup/restore
module 102 using the user's private key in a well-known manner.

Nevertheless, what is needed is a convenient way for securely storing sensitive 
data in a public storage area over a wireless network. Additionally, what is needed is a 
way to conveniently share sensitive data among different users. 

SUMMARY OF THE INVENTION

The present invention provides a convenient way for securely storing sensitive
data in a public storage area over a wireless network. The present invention also
provides a way to conveniently share sensitive data among different users. In that
regard, the present invention provides a technique for securely backing-up data over a
wireless network and then later retrieving the securely backed-up data. The data that is
to be backed up is encrypted using a public key of the user and is sent over the wireless
network, preferably contained within the body of a synchronization message, such as a
SyncML document or an XML document. The encrypted data can be later retrieved and
decrypted using the private key of the user. Privacy of the encrypted data is protected as
long as the private key of the user has not been compromised.

The advantages of the present invention are provided by a method and a system
for backing-up data in a wireless network. According to the invention, data is selected
within a wireless device, such as a wireless telephone handset or a personal digital
assistant, for backup in a storage area that is accessible by the wireless device through
the wireless network. The selected data is encrypted using a private key, and then sent to
the public storage area preferably using a Wireless Application Protocol (WAP)
technique and preferably encapsulated within a SyncML document or an XML
document. The encrypted data can later be downloaded from the public storage area
preferably using a WAP technique, and the encrypted data is decrypted using a private
key.

BRIEF DESCRIPTION OF THE DRAWINGS 

The present invention is illustrated by way of example and not limitation in the 
accompanying figures in which like reference numerals indicate similar elements and in
which: 

Figure 1 shows a functional block diagram of a wireless terminal that provides 
secure backup over a wireless network; 

Figure 2 shows a functional block diagram of a wireless terminal that provides 
secure backup over a wireless network according to the present invention; and

Figure 3 shows a flow diagram 300 for backing-up data in a wireless network
according to the present invention.

DETAILED DESCRIPTION 

The present invention provides a technique for securely storing sensitive data in a
public storage area from a client wireless terminal over a wireless network. The data
that is to be backed up is encrypted using a public key and is sent over the wireless
network using a Wireless Application Protocol (WAP) technique and preferably
contained within the body of a SyncML document or an XML document. The encrypted
data can be later retrieved and decrypted using the private key of the user.

Figure 2 shows a functional block diagram of a wireless terminal or computing
device 200, such as a wireless handset or a personal digital assistant (PDA), that
provides secure backup over a wireless network according to the present invention.
Wireless terminal 200 includes a native application 201, a backup/restore module 202, a
backup application 203 and a Wireless Application Protocol (WAP) browser 204.
According to one variation of the invention, wireless terminal 200 operates as a WAP
client device and uses a Wireless Identity Module (WIM) 205 that is preferably
tamper-resistant so that the keys, the certificate and the certification standard that are
stored within WIM are not easily compromised.

When a user desires to store data within native application 201, such as personal
data and/or system data, in a public storage area 206, the user can select the desired data
through WAP browser 204 by interacting with backup application 203. Native
application 201 then sends the desired data for encryption and backup to backup/restore
module 202. WIM 205 provides the user's public key to backup/restore module 202 for
encrypting the selected data using, for example, a conventional public key encryption
algorithm. The encrypted data is then sent to public storage area 206 through a WAP
gateway 207. That is, wireless terminal 200 encapsulates the encrypted data in the body
of a SyncML document or XML document and sends the encapsulated, encrypted data
to WAP gateway 207 through backup application 203 using the WAP protocol. WAP
gateway 207 forwards the encapsulated encrypted data to public storage area 206 using,
for example, the HTTP protocol. The particular public storage area selected by the user
is specified by the user and is contained in user configuration data or operator setup data
within wireless terminal 200.

Encrypted data that is stored in public storage area 206 can be accessed by using
WAP browser 204 through backup application 203, and is preferably identified by a
Uniform Resource Identifier (URI). To restore encrypted data, WAP browser 204
downloads the desired encrypted data using the WAP protocol and sends the
downloaded data to backup/restore module 202 for decryption. The user's private key is
supplied to backup/restore module 202 by WIM 205. Once decrypted, the data is sent to
native application 201 for restoration.

WIM 205 allows a user to securely store data from one wireless terminal
device and securely access the stored data from another wireless terminal device. That
is, WIM 205 stores the certification standard, and the keys and the certificate that are
unique to a particular user. Thus, a user can encrypt sensitive data on one wireless
terminal device for storage in a public storage area using the user's WIM. The user can
then access the encrypted data stored in the public storage area from another wireless
terminal device as long as the user uses the same WIM.

Figure 3 shows a flow diagram 300 for backing-up data in a wireless network
according to the present invention. At step 301, a user selects data within a wireless
client device for backup in a public storage area that is accessible by the wireless client
device through the wireless network. At step 302, the selected data is encrypted using a
public key for the user supplied by a WIM associated with the user. At step 303, the
encrypted data is preferably encapsulated within a SyncML document or an XML
document. At step 304, the encrypted data is sent to the public storage area using a
WAP technique. Later, at step 305, the user accesses and downloads the encrypted data
in the public storage area using a WAP technique. At step 306, the downloaded encrypted
data is decrypted using a private key of the user that is supplied by the WIM associated
with the user.
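
The Figure 3 flow (steps 302, 303, 305 and 306) as an added Python example; it is not part of the patent text. The fixed demo key built from known Mersenne primes, the hybrid key-wrapping construction, the integrity tag and the element names `Backup`, `WrappedKey`, `Data` and `Tag` are assumptions made for illustration, with a generic XML body standing in for a SyncML document.

```python
import base64, hashlib, hmac, secrets
import xml.etree.ElementTree as ET

# Constructed demo key pair standing in for the keys held by the WIM. The
# primes are publicly known Mersenne primes: illustration only, not secure.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q                              # public modulus
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (stays in the "WIM")
KLEN = (N.bit_length() + 7) // 8
FIELDS = ("WrappedKey", "Data", "Tag")  # hypothetical element names

def _keys(secret: int):
    """Derive separate encryption and MAC keys from the shared secret."""
    seed = secret.to_bytes(KLEN, "big")
    return (hashlib.sha256(b"enc" + seed).digest(),
            hashlib.sha256(b"mac" + seed).digest())

def _stream(key: bytes, data: bytes) -> bytes:
    """XOR with a SHAKE-256 keystream (stdlib stand-in for a vetted cipher)."""
    ks = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, ks))

def backup(plaintext: bytes) -> bytes:
    """Steps 302-303: encrypt with the public key only, wrap in XML."""
    r = secrets.randbelow(N - 2) + 2           # fresh secret for every backup
    enc_key, mac_key = _keys(r)
    wrapped = pow(r, E, N).to_bytes(KLEN, "big")
    body = _stream(enc_key, plaintext)
    tag = hmac.new(mac_key, wrapped + body, hashlib.sha256).digest()
    doc = ET.Element("Backup")
    for name, value in zip(FIELDS, (wrapped, body, tag)):
        ET.SubElement(doc, name).text = base64.b64encode(value).decode()
    return ET.tostring(doc)

def restore(document: bytes) -> bytes:
    """Steps 305-306: parse the downloaded document, verify, decrypt."""
    doc = ET.fromstring(document)
    wrapped, body, tag = (base64.b64decode(doc.findtext(f)) for f in FIELDS)
    r = pow(int.from_bytes(wrapped, "big"), D, N)   # needs the private key
    enc_key, mac_key = _keys(r)
    expected = hmac.new(mac_key, wrapped + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: backup was altered")
    return _stream(enc_key, body)

if __name__ == "__main__":
    blob = backup(b"contacts: alice 555-0100")   # constructed sample data
    print(restore(blob))
```

The tag detects a document that was altered in storage or in transit, but anyone holding the public key can build a valid document, so proving who created a backup would need a signature made with the private key.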

While the present invention has been described in connection with the illustrated
embodiments, it will be appreciated and understood that modifications may be made
without departing from the true spirit and scope of the invention.
THE CLAIMS
What is claimed is:

1. A method for backing-up data in a wireless network, the method comprising steps of:
selecting data within a wireless device for backup in a storage area, the storage area being accessible by the wireless client device through the wireless network;
encrypting the selected data; and
sending the encrypted data to the storage area.

2. The method according to claim 1, wherein the step of sending the encrypted data to the storage area is done using a Wireless Application Protocol (WAP) technique.

3. The method according to claim 1, wherein the step of sending the encrypted data to the storage area includes a step of encapsulating the encrypted data within a SyncML document.

4. The method according to claim 1, wherein the step of sending the encrypted data to the storage area includes a step of encapsulating the encrypted data within an XML document.

5. The method according to claim 1, wherein the wireless device is one of a wireless telephone handset and a personal digital assistant.

6. The method according to claim 1, wherein the step of encrypting the selected data encrypts the selected data using a public key.



7. The method according to claim 6, wherein the public key is supplied by a Wireless Identity Module (WIM).



8. The method according to claim 1, further comprising steps of:
downloading the encrypted data from the storage area; and
decrypting the encrypted data.

9. The method according to claim 8, wherein the step of downloading the encrypted data from the storage area is done using a WAP technique.

10. The method according to claim 8, wherein the step of decrypting the encrypted data decrypts the encrypted data using a private key.

11. A method for accessing backed-up data in a wireless network from a wireless device, the method comprising steps of:
downloading the backed-up data from a storage area, the backed-up data containing encrypted data and the storage area being accessible by the wireless client device through the wireless network; and
decrypting the downloaded backed-up data.

12. The method according to claim 11, wherein the step of downloading the backed-up data from the storage area is done using a Wireless Application Protocol (WAP) technique.

13. The method according to claim 11, wherein the step of decrypting the downloaded backed-up data decrypts the encrypted data using a private key.

14. The method according to claim 13, wherein the private key is supplied by a Wireless Identity Module (WIM).

15. The method according to claim 11, wherein the backed-up data is embedded in a SyncML document.

16. The method according to claim 11, wherein the backed-up data is embedded in an XML document.

17. The method according to claim 11, wherein the wireless client device is one of a wireless telephone handset and a personal digital assistant.

18. A wireless terminal device, comprising:
a memory storing data;
a browser that allows a user to select data for backup storage;
a backup module encrypting the selected data; and
a backup application sending the encrypted selected data to a storage area that is accessible to the wireless terminal device through a wireless network.

19. The wireless terminal device according to claim 18, wherein the browser is a Wireless Application Protocol (WAP) browser.

20. The wireless terminal device according to claim 18, wherein the encrypted selected data is sent to the storage area using a Wireless Application Protocol (WAP) technique.

21. The wireless terminal device according to claim 18, wherein the encrypted selected data is encapsulated within a SyncML document.



WO 02/052872    PCT/US01/47703



22. The wireless terminal device according to claim 18, wherein the encrypted selected data is encapsulated within an XML document.

23. The wireless terminal device according to claim 18, wherein the wireless client device is one of a wireless telephone handset and a personal digital assistant.

24. The wireless terminal device according to claim 18, wherein the backup/restore module encrypts the selected data using a public key.

25. The wireless terminal device according to claim 24, further comprising a Wireless Identity Module (WIM) that stores the public key.

26. The wireless terminal device according to claim 18, wherein the backup application downloads the encrypted data from the storage area,
the wireless terminal device further comprising a restore module that decrypts the encrypted data.

27. The wireless terminal device according to claim 26, wherein the encrypted data is downloaded from the storage device using a Wireless Application Protocol (WAP) technique.

28. The wireless terminal device according to claim 26, wherein the restore module decrypts the encrypted data using a private key.

29. The wireless terminal device according to claim 28, further comprising a Wireless Identity Module (WIM) that stores the private key.
